Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa
File:                     c768f15e-576e-48c0-91d4-8446a6be70a8.roa (raw, json)
Hash identifier:          rqPBHJSdD9IYbn9kYYTJxKpEsNExvDG/T23+Jd+KcDE=
Subject key identifier:   30:2B:4A:D5:85:04:E9:95:CA:07:76:92:EF:22:21:5C:D6:88:C6:9F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       372BBAF3210F1FE4264EF37671155D08FE627209
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa
Signing time:             Fri 11 Jul 2025 20:20:56 +0000
ROA not before:           Fri 11 Jul 2025 20:20:56 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d032:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:2b:ba:f3:21:0f:1f:e4:26:4e:f3:76:71:15:5d:08:fe:62:72:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 11 20:20:56 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=2f0dfee5a9399802b010d57ea518ae1dd481682a71903abc25b4ee37e4990789, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:68:4e:d5:c9:4a:4b:b2:28:2c:1d:98:09:f5:
                    43:7a:b1:79:9d:74:31:6a:01:e8:30:4e:0b:21:f5:
                    b8:b0:c5:45:e5:77:b5:0c:8f:9c:9e:5b:fb:d5:02:
                    7d:d0:34:a4:8c:9e:70:05:55:d3:42:f5:8e:f7:f9:
                    da:20:ff:7c:8d:3d:e5:a3:67:33:72:8c:e6:bd:4e:
                    7a:a4:ae:e0:a8:ea:4d:b3:5a:8b:cd:d6:cc:3f:3d:
                    5f:15:af:87:23:d5:68:3f:20:7f:48:b8:9a:9b:82:
                    ac:4d:98:59:62:ac:67:15:d2:1e:76:b1:f4:39:62:
                    74:af:66:d7:dc:65:c6:8f:f7:cc:0c:11:40:dc:d3:
                    25:1e:e2:53:a5:f5:4f:b7:5d:e9:68:68:64:61:b4:
                    53:39:dc:e0:c5:0a:5a:a9:a5:c0:28:a2:91:cf:f1:
                    0d:56:dd:bb:2d:4f:fd:61:8d:cd:e5:40:be:40:08:
                    7f:ea:d4:c8:08:19:3a:70:8d:ef:22:e1:72:c1:a0:
                    06:7a:bd:50:44:e2:98:05:b0:66:68:0a:15:3d:0d:
                    32:b2:e6:04:e9:26:52:2c:49:17:24:5a:f9:73:53:
                    e1:14:9a:47:4a:9a:f4:5a:7a:6d:73:44:f5:cf:1b:
                    9f:74:2b:32:48:9f:3b:1c:0f:0e:2b:c8:bf:da:e1:
                    40:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:2B:4A:D5:85:04:E9:95:CA:07:76:92:EF:22:21:5C:D6:88:C6:9F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d032:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         43:28:3f:a7:b9:27:6b:67:c8:99:f3:3f:f7:17:aa:cd:0e:7f:
         16:eb:fd:48:6e:9d:41:62:2f:e5:52:52:29:70:9e:a1:44:3b:
         fd:51:30:5c:5d:30:3b:ea:cb:25:ca:61:52:db:94:1e:55:fe:
         64:c6:e8:df:95:9b:74:dc:61:50:1a:4f:9b:d9:d0:e8:6d:0c:
         f4:32:4f:ff:1d:9e:38:7e:c8:d5:3f:6b:af:bc:b4:5d:9a:03:
         94:ce:5c:bc:31:53:b2:ea:c2:5c:e2:04:1c:43:f9:5f:bd:5c:
         79:b5:f6:ba:71:c0:41:28:1b:6a:27:b3:8f:52:0e:36:a7:0c:
         fb:86:85:11:d6:5d:a1:2e:bd:02:d4:96:ce:98:30:38:0b:70:
         0d:7a:26:59:54:48:ff:75:c9:a2:4c:fb:3f:19:9d:30:01:8a:
         28:9a:63:90:b9:f0:d4:8c:f2:37:36:b5:2d:d0:af:9a:8f:08:
         71:a2:4c:66:de:01:5f:fc:a2:fe:34:01:73:05:df:a6:49:a6:
         2f:d3:c7:f2:0e:35:1d:25:77:2b:81:2f:77:b4:7e:b5:3f:ac:
         13:65:e1:42:08:79:2e:c0:b8:87:d6:ac:2b:c3:7a:ad:73:3a:
         22:85:81:9f:38:5a:8c:94:6e:e3:b1:b6:3a:68:52:70:81:e1:
         51:f6:7d:59
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNyu68yEPH+QmTvN2cRVdCP5icgkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDIwNTZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmMGRmZWU1YTkzOTk4MDJiMDEwZDU3ZWE1MThhZTFkZDQ4MTY4MmE3MTkw
M2FiYzI1YjRlZTM3ZTQ5OTA3ODkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIpoTtXJSkuyKCwdmAn1Q3qxeZ10MWoB6DBOCyH1uLDFReV3tQyPnJ5b+9UC
fdA0pIyecAVV00L1jvf52iD/fI095aNnM3KM5r1OeqSu4KjqTbNai83WzD89XxWv
hyPVaD8gf0i4mpuCrE2YWWKsZxXSHnax9DlidK9m19xlxo/3zAwRQNzTJR7iU6X1
T7dd6WhoZGG0Uznc4MUKWqmlwCiikc/xDVbduy1P/WGNzeVAvkAIf+rUyAgZOnCN
7yLhcsGgBnq9UETimAWwZmgKFT0NMrLmBOkmUixJFyRa+XNT4RSaR0qa9Fp6bXNE
9c8bn3QrMkifOxwPDivIv9rhQE0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQwK0rV
hQTplcoHdpLvIiFc1ojGnzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzc2OGYxNWUtNTc2ZS00OGMwLTkxZDQtODQ0NmE2YmU3MGE4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DLg
MA0GCSqGSIb3DQEBCwUAA4IBAQBDKD+nuSdrZ8iZ8z/3F6rNDn8W6/1Ibp1BYi/l
UlIpcJ6hRDv9UTBcXTA76sslymFS25QeVf5kxujflZt03GFQGk+b2dDobQz0Mk//
HZ44fsjVP2uvvLRdmgOUzly8MVOy6sJc4gQcQ/lfvVx5tfa6ccBBKBtqJ7OPUg42
pwz7hoUR1l2hLr0C1JbOmDA4C3ANeiZZVEj/dcmiTPs/GZ0wAYoommOQufDUjPI3
NrUt0K+ajwhxokxm3gFf/KL+NAFzBd+mSaYv08fyDjUdJXcrgS93tH61P6wTZeFC
CHkuwLiH1qwrw3qtczoihYGfOFqMlG7jsbY6aFJwgeFR9n1Z
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:50:30 2025 by rpki-client